General
- Target: 944246c622b25e20ac2b929b025868ab_JaffaCakes118
- Size: 650KB
- Sample: 240813-w8bfwsvbjm
- MD5: 944246c622b25e20ac2b929b025868ab
- SHA1: c17c3069aed87448c050d70938fef531b9e4f142
- SHA256: 5bec625d37415824f7716f239573721837985fdeb2a2f9d4c769f878c089e622
- SHA512: cdbad2dacd1cb82792396bd55b84e24ebc684150e68fa9a4b81fa2b77808f38276399c8b0036174fbbee647b60c3f276579a850a7d6fe09b0ccbb3ab65303482
- SSDEEP: 12288:dk0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aVj:u0QpGih4bd0rv5+l5szLXj917cqPu91T
Behavioral task
- behavioral1
  - Sample: 944246c622b25e20ac2b929b025868ab_JaffaCakes118.exe
  - Resource: win7-20240705-en
Malware Config
Extracted: darkcomet
- Botnet: Guest16
- C2: mrtarek.no-ip.biz:1604
- Mutex: DC_MUTEX-HJA8DWM
- InstallPath: MSDCSC\windows.exe
- gencode: uqavWxJ9fK1E
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: 944246c622b25e20ac2b929b025868ab_JaffaCakes118
  - Size: 650KB
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)